TeamSploit's Automated Exploitation, when configured correctly, will first requires and automates, a vulnerability scan of the target range. This vulnerability data is then matched to Metasploit modules (exploits), which are launched against the targets.
This exploit matching and execution leverages work done by Carlos Perez (Dark Operator), you can review his work and this particular plugin here.
During the process of configuring TeamSploit, you are actually defining a large portion of the Post-Exploitation process.
Options like your defined Teammates as well as configurable switches like TROLLWARE, NETSTOPPER, and UNPATCHER are Auto-Post Exploitation options.
Utilizing a template system, you can actually further direct TeamSploit on what actions you'd like taken during the Auto-Post Exploitation process.
The Auto-Post Exploitation templates can be found within the TeamSploit/.msf/plugins/ directory.
Within this directory you should find a number of .autopost.source files. These can be edited, and will then be used as the template base the next time you launch TeamSploit.
TeamSploit's Automated Post-Exploitation gathers a substantial amount of system information from an exploited target.
This information gathering, and the entire Post-Exploitation process is configurable, but by default includes information such as:
System Name, Network Information, Usernames/Password Hashes, Groups, Shares, Software Lists, Software Keys, Running Processes, Files of Interest (based on extension), and much more.
Once a target is exploited, TeamSploit's Automated Post-Exploitation process will spawn a new session for both your Listener as well as the Listeners for each of your defined teammates.
This will ensure everyone on the team has access to a system once it is exploited.
The new session will be a persistent session that should survive reboots, as well as other connection issues.
TeamSploit does not ship with any commonly-found trojans, but instead a few custom - templated trojans.
The Trojans can be configured through the TeamSploit configuration, and found within the TeamSploit/.trojans directory.
Within this directory you can alter and add trojans, utilizing the simple template system.
Additionally, if you'd like to add new Trojans, ensure you modify the .autopost.source.trojans file within the code>TeamSploit/.msf/plugins/ directory.
TrollWare is a term coined by the folks behind TeamSploit. It is used to define a set of malicious software that not only performs malicious actions typically found in a Remote Access Trojan, but to also causes havoc for the purpose of the attacker's entertainment.
The TrollWare included with TeamSploit performs the following hilarious actions:
Disables Safe Mode, Forces mandatory Disk-Check on Boot (Unskippable), Changes System Background (Taunting the Administrators), Kills Common Administrative Processes, Auto-Locks Workstation on Unlock (System Locks, and Stays Locked), and more.
First, gaining access to a system can be broken down into the following stages: Reconnaissance, Target Acquisition, Exploitation, Maintaining Access, and Covering Tracks.
With that understanding, TeamSploit can currently fully automate the first four stages: Reconnaissance, Target Acquisition, Exploitation, Maintaining Access.
Reconnaissance - TeamSploit will fully scan, catalog, and record network accessible information on the defined targets.
Target Acquisition - TeamSploit will perform a vulnerability assessment against the defined targets, combining that information with the previously gained reconnaissance information to develop an attack plan.
Exploitation - TeamSploit will then launch the attack plan, stopping attack on a target once access has been gained. TeamSploit will move from target-to-target until all targets are compromised, or the plan is concluded.
Maintaining Access - TeamSploit will launch the Automated Post-Exploitation process on each compromised target, ensuring that persistent access is acquired. TeamSploit will also gather further asset intelligence.
The entire automation process will happen within your first Primary window.
You may use your subsequent primary windows during this time to manually exploit systems or utilize other Metasploit modules and tools. Any access obtained this way, will then launch the Post-Exploitation process on that target.
During the entire process, you will be obtaining sessions to compromised targets within your Listerner window. You are free to interact with these sessions as soon as they connect, without fear of interrupting the automation process.
The Shared session window is a connection to a join MSF console (MSFD). You may use this as a session pool or centralized attack point. One configuration would include having sessions shared to this console as well as individual teammates.
When utilizing the GUI, the Chat window will allow you to communicate with fellow teammates, and the Browser window will allow you to do research. All of this easily accessible from within your TeamSploit enviroment.
If fully configured, TeamSploit can generally compromise an entire network, even with only a single externally vulnerable host.
This is possible due to the lateral movement TeamSploit employs with techniques such as passing-the-hash. Networks with centralized access management (like Active Directory) are very easy targets for TeamSploit.
That said, the longest part of the process is the vulnerability assessment. If configured properly, TeamSploit does have a very quick execution time, and 10 minutes is not unheard of.
First and foremost, it is important to understand that while there is a thin layer of TeamSploit between you and Metasploit - you do have direct access to Metasploit.
Often you'll be able to complete your desired action with nothing more than normal Metasploit commands and usage. So be sure you are fimiliar with Metasploit before you venture into the TeamSploit realm.
Metasploit Unleashed is an excellent, free, and online training course developed by Offensive Security, for Metasploit, and is great starting resource.
nessus_scan_new [policy number] [scan name] [scan target range].vuln_exploit -j [number of concurrent jobs].pass_the_hash -j [number of concurrent jobs].TeamSploit is released under the GNU Public License, Version 3. You can find a copy of the license here.
The GPLv3 makes TeamSploit Free as in Free Speech and Free as in Free Beer.
You are free to Modify, Share, Distribute, and Use TeamSploit as you see fit, as long as you follow the guidlines of the GPLv3.
TeamSploit is released under the GNU Public License, Version 3. You can find a copy of the license here.
You may modify TeamSploit in any way you desire; however, if you distribute your changes in any form to someon else, you'll need to release the source code for your changes.
If you make changes for your own personal use, you do not need to release or share your changes with anyone.
However, if you share any of your changes (in any form), you'll need to share the source code for those changes with that person or group.
Your changes must be released under the GPL, Version 3 or higher. You can find a copy of the license here.
Once your changes are released under the GPL, the recipients of said changes will have the same rights and access that you do with TeamSploit.
They will be free to Modify, Share, Distribute a, and Use your changes as they see fit, as long as they follow the guidlines of the GPL.
Many people have contributed to TeamSploit in various different ways. It is a community, opensource project afterall.
Here is a list and Special Thanks to some of the top contributors:
Send Justin Wray a copy of your changes, and how you wish to be attributed (name/alias, email, website, and anything else you'd like included).
Justin will review the changes, and if they provide a useful purpose, they may very well be included in an official release.
All great things, including TeamSploit, start with an idea. If you have a worthwhile idea, it may very well be worked on.
Send Justin Wray a copy of your ideas, and how you wish to be attributed (name/alias, email, website, and anything else you'd like included).
Justin will review the ideas, and if they provide a useful purpose, add them to the development roadmap.
Whenever possible attribution will be provided. However, in cases where technologies, ideas, or processes are publically distributed, it's possible attribution may not be included.
If however, you share your changes with us directly, you'll get attribution if you so desire. You can of course opt-out, and remain anonymous as well.
Sadly this happens from time to time. Whenever possible attribution is provided.
However, in cases where technologies, ideas, or processes are publically distributed it's possible attribution may not be included.
Of course there are times when someone else may simply steal your work and pass it off as their own.
In either case, contact us and we'll work with you to see if we can get attribution added.
All of the TeamSploit developers work on TeamSploit on their own time.
If you wish to help support the TeamSploit core developers, you can!
All donations go to the TeamSploit core development team and assist with future development work.
You can use Dontate Button below or, if you wish, you can send bitcoins donations directly to 1D7Z8wMfjGa7ApnHDD7bHcqg99cQwPStPv
TeamSploit was built and tested on BackTrack and other Ubuntu/Debian based distributions of Linux.
However, TeamSploit has also been tested and works on OSX and non-Debian based Linux distributions.
It should more or less work on any POSIX system as long as you have the required dependencies, of which you can find a list here
TeamSploit was built and tested on BackTrack and other Ubuntu/Debian based distributions of Linux.
However, TeamSploit has also been tested and works on OSX and non-Debian based Linux distributions.
It should more or less work on any POSIX system as long as you have the required dependencies, of which you can find a list here
If you've found a unique enviroment that you've gotten TeamSploit working on and you'd like to share that information - please do.
If you've found a POSIX system WITH the dependencies installed, yet still cannot get TeamSploit running - please let us know.
Well... Maybe.
TeamSploit will not just run on a regular Windows install, it may work however, if you have a POSIX enviroment (like Cygwin) installed, and the Linux version of Metasploit, etc
However it has never been tested (to our knowledge), and is not going to be an easy task.
TeamSploit is built for a POSIX system and depends on things like BASH and other Linux based utilities and methods.
As most of TeamSploit is interpreted and coded in Ruby, it is very possible to port TeamSploit over to Windows.
Porting TeamSploit is not even on the Roadmap, and if it ever makes it to the roadmap it will be very, very low on the priority list.
That all said, if someone comes along and ports it, we'll be happy to release the port. Just let us know.
TeamSploit is built for any version of Metasploit that is built on Ruby, which is 3.0+
It is however important to stay up-to-date with the newest version of Metasploit and TeamSploit, to ensure you are getting the latest and greatest features and all of the stable bug-fixes.
TeamSploit has been built and tested on Ruby 1.8; however, it is possible to get TeamSploit (GUI) working with Ruby 2.0
The TeamSploit (GUI) is compatable with Ruby 2.0, and was only built against 1.8 because the required Ruby bindings within the BackTrack repository are currently built for version 1.8
You'll first need to configure TeamSploit, be sure to have all GUI options disabled.
Next, you'll need to execute the setup process:
./.setup
At this point, the TeamSploit enviroment is configured, and ready to go.
You can launch a Primary console with:
sudo msfconsole -m .msf -r .teamsploit.rc.primary
You can launch additional subsequent Primary consoles with:
sudo msfconsole -m .msf -r .teamsploit.rc.primary.sub
The Listener console can be launched with:
sudo msfconsole -m .msf -r .teamsploit.rc.listener
It is imperative that you have at least, a single Primary and a single Listener console open for TeamSploit to properly function.
If you do not wish to use multiple TTYs in order to run TeamSploit, you may want to look into screen which is avaliable on most Linux distributions.
It really is that easy. TeamSploit dynamically finds your Metasploit install, and will load whichever CLI you have avaliable. This will give you access to some of the MSF Express or MSF Pro functionalities.
Someone will need to be running TeamSploit (it can be on a server or some other centralized resource). Make sure this person has TeamSploit set to launch a MSFD service.
TS_SERVER=0
TS_SERVER_MSFD_PORT=51337
TS_SERVER_MSFRPCD_PORT=51338
TS_SERVER_MSFRPCD_USER=teamsploit
TS_SERVER_MSFRPCD_PASS=password
Then just point the Armitage clients to the shared Database and the TeamSploit MSFD service.
From this point you'll be able to access the TeamSploit plugins, including the automated post-exploitation and shell sharing.
Note:
It if very important to understand that the configuration for the copy of TeamSploit that is running is shared, so be sure that configuration matches the enviroment/settings your group/team needs and wants.TeamSploit needs to be configured before you can use it. No worries, there are plenty of sane-default options, so not too much work is needed.
It is required that you at least change the TS_CONFIG value to 1
Take a look at the Getting Started documentation to get a better idea of how you should configure TeamSploit.
TeamSploit needs a number of items to already be installed and working before you can load TeamSploit.
Take a look at the Install documentation to get a better idea of what you need and how to get it.
This is usually the case when you have a corrupt Metasploit Install or Environment.
Simply remove any current Metasploit installation(s) and then re-install Metasploit which should resolve the issue.
This is an issue with the threaded nature of TeamSploit. To put simply, you can just ignore it.
The issue is TeamSploit is closing one (or all threads) before the thread manager believes they are done - which is semi-true, you're closing them before they close on their own (which they never do).
Seriously though, it is not an issue. It is safe to ignore. We're working on a better exit cleanup, that should resolve the noise.